Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
225
Views
0
Helpful
3
Replies

Functionality Differences Between FPR Models

Go to solution
benweber
Level 1
Level 1

‎04-11-2025 12:28 PM

Does anyone know if there are any functionality limitations on the lower-end FPR models like the fpr1010? I have a client that is looking to replace 5516's at their main site and DR site with fpr1140s. But it's occurred to us that since the DR is almost never used we may be able to get away with using an fpr1010 there, especially since they already own one they aren't using.

I'm aware of the performance limitations but what I'm really curious about is the functionality. I recall the old 515s where they would run the same OS but you couldn't have a fully functional DMZ interface, for example. Cisco used to like to license that sort of thing so they couldn't be used for anything more complicated than basic SOHO environments. I've looked through the documentation and can't find anything but also know Cisco isn't always terribly upfront about it.

Does anyone know of any limitations?

 

Thanks.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎04-11-2025 12:41 PM

@benweber What functionality do you require from the firewalls?

Other than performance/throughput, the 1010 doesn't support as many virtual routers (VRFs) or VPNs as the higher spec 1140. The 1010 has less memory than other devices, so would be unable to cache features such as the URL database, and would then have to perform cloud lookup.

 

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to benweber

‎04-12-2025 11:37 PM

The features you mention would be supported on a 1010 that is FMC-managed. Throughput is the major limitation. Physically, it also uses an external power adapter since there is no built-in power supply

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎04-11-2025 12:41 PM

@benweber What functionality do you require from the firewalls?

Other than performance/throughput, the 1010 doesn't support as many virtual routers (VRFs) or VPNs as the higher spec 1140. The 1010 has less memory than other devices, so would be unable to cache features such as the URL database, and would then have to perform cloud lookup.

 

0 Helpful

Go to solution
benweber
Level 1
Level 1
In response to Rob Ingram

‎04-11-2025 12:51 PM - edited ‎04-11-2025 12:53 PM

Thanks Rob.

The sort of things we're using are:

-Multiple SSLVPN profiles. Currently we have 5 separate profiles and would need to be able to add more.

-Currently 15 subinterfaces for virtual DMZs. These are for nodes that require communication both out to the internet and to and from the internal network. (That one's a concern because that's functionality that was specifically limited on earlier SOHO firewalls from Cisco.)

-BGP peering (though nothing terribly complex)

-EIGRP

-SAML authentication for the remote access VPN.

-Static IPsec tunnels (though well under the limitations of the 1010)

That about covers it. I know throughput will be an issue but since this is DR only we're less worried about that. We don't use VRFs so that's not a concern.

 

Thanks,

B

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to benweber

‎04-12-2025 11:37 PM

The features you mention would be supported on a 1010 that is FMC-managed. Throughput is the major limitation. Physically, it also uses an external power adapter since there is no built-in power supply

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card